o YZa@A@sddlZddlZddlZddlZddlmZddlZddlmZm Z m Z ddl m Z ddl mZmZmZmZmZmZddlmZddlmZddlmZdd lmZmZmZz dd l mZmZWne yqdd lmZmZYnwzdd l!m"Z#Wne ydd l m#Z#Ynwddl$Z%dd l&m'Z'ddl(m)Z)m*Z*ddl+m,Z,m-Z-m.Z.mZm/Z/mZmZm0Z0e)e1e2Z3dZ4dZ5ej67ej68e9dZ:zddl;mddZ?Gddde@ZAGddde@ZBdS)!N) b64encode) PoolManagerproxy_from_urlTimeout)Retry)ssl OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSION PROTOCOL_TLSDEFAULT_CIPHERS)SSLError)ReadTimeoutError)ConnectTimeoutError)NewConnectionError ProtocolError ProxyError)PROTOCOL_TLS_CLIENT OP_NO_TICKET)orig_util_SSLContext) SSLContext)unquote)filter_ssl_warningsurlparse)ConnectionClosedErrorEndpointConnectionErrorHTTPClientErrorrProxyConnectionErrorrr InvalidProxiesConfigError< z cacert.pem)wherecCstSN)DEFAULT_CA_BUNDLEr$r$6/usr/lib/python3/dist-packages/botocore/httpsession.pyr!2sr!cCs&|dur|St}td||S)NTzCertificate path: {0})r!loggerdebugformat)verify cert_pathr$r$r% get_cert_path6s r+cs|r|tkrt}t||pt|durtjn|}|dur2d}|tO}|tO}|t O}|t O}j |O_ |tjksCt j dkrNtdddurNd_fdd}|tjkr`|_|n||_tdrztjd }|rzt jjsz|_S) z This function is a vendored version of the same function in urllib3 We vendor this function to ensure that the SSL contexts we construct always use the std lib SSLContext instead of pyopenssl. Nr)post_handshake_authTcstdddur d_dSdS)Ncheck_hostnameF)getattrr0r$contextr$r%disable_check_hostnamens z6create_urllib3_context..disable_check_hostnamekeylog_filename SSLKEYLOGFILE)r rr set_ciphersr r CERT_REQUIREDrr r roptionssys version_infor1r/ verify_modehasattrosenvirongetflagsignore_environmentr5) ssl_version cert_reqsr9ciphersr4 sslkeylogfiler$r2r%create_urllib3_context@s:      rGcCst|tr|S|dkS)z~Ensures a boolean value if a string or boolean is provided For strings, the value for True/False is case insensitive true) isinstanceboollower)valr$r$r%ensure_booleans  rMc@sNeZdZdZdddZddZddZed d Zd d Z d dZ ddZ dS)ProxyConfigurationaRepresents a proxy configuration dictionary and additional settings. This class represents a proxy configuration dictionary and provides utility functions to retreive well structured proxy urls and proxy headers from the proxy configuration dictionary. NcCs(|duri}|dur i}||_||_dSr")_proxies_proxies_settings)selfproxiesproxies_settingsr$r$r%__init__s  zProxyConfiguration.__init__cCs(t|}|j|j}|r||}|S)z7Retrieves the corresponding proxy url for a given url. )rrOr@scheme_fix_proxy_url)rQurl parsed_urlproxyr$r$r% proxy_url_fors  z ProxyConfiguration.proxy_url_forcCs2i}||\}}|r|r|||}||d<|S)zARetrieves the corresponding proxy headers for a given proxy url. zProxy-Authorization)_get_auth_from_url_construct_basic_auth)rQ proxy_urlheadersusernamepassword basic_authr$r$r%proxy_headers_fors  z$ProxyConfiguration.proxy_headers_forcCs|jSr")rPrQr$r$r%settingsszProxyConfiguration.settingscCs2|ds |dr |S|drd|Sd|S)Nhttp:zhttps:z//zhttp://) startswith)rQr]r$r$r%rVs  z!ProxyConfiguration._fix_proxy_urlcCs,d||}t|d}d|S)Nz{0}:{1}asciiz Basic {0})r(rencodestripdecode)rQr_r`auth_str encoded_strr$r$r%r\s  z(ProxyConfiguration._construct_basic_authc Cs8t|}z t|jt|jfWSttfyYdSw)NNN)rrr_r`AttributeError TypeError)rQrWrXr$r$r%r[s z%ProxyConfiguration._get_auth_from_urlrm) __name__ __module__ __qualname____doc__rTrZrbpropertyrdrVr\r[r$r$r$r%rNs    rNc@seZdZdZdddedddfddZeddZdd Zd d Z d d Z ddZ ddZ ddZ dddZddZddZddZdS)URLLib3Sessiona_A basic HTTP client that supports connection pooling and proxies. This class is inspired by requests.adapters.HTTPAdapter, but has been boiled down to meet the use cases needed by botocore. For the most part this classes matches the functionality of HTTPAdapter in requests v2.7.0 (the same as our vendored version). The only major difference of note is that we currently do not support sending chunked requests. While requests v2.7.0 implemented this themselves, later version urllib3 support this directly via a flag to urlopen so enabling it if needed should be trivial. TNcCs||_t||d|_tjjtjjd|_|durt}t |t t fs+t |d|dd}d|_ d|_t |tr:||_ n t |trE|\|_ |_||_||_||_|durUg|_i|_tdi||_|j|j_dS)N)rRrS)httphttpsr)connectreadr$)_verifyrN _proxy_configbotocore awsrequestAWSHTTPConnectionPoolAWSHTTPSConnectionPool_pool_classes_by_schemeDEFAULT_TIMEOUTrIintfloatr _cert_file _key_filestrtuple_timeout_max_pool_connections_socket_options_proxy_managersr_get_pool_manager_kwargs_managerpool_classes_by_scheme)rQr)rRtimeoutmax_pool_connectionssocket_options client_certproxies_configr$r$r%rTs2    zURLLib3Session.__init__cCs4|jj}||}||dd}dd|DS)Nproxy_use_forwarding_for_https)proxy_ssl_contextuse_forwarding_for_httpscSsi|] \}}|dur||qSr"r$).0kvr$r$r% sz2URLLib3Session._proxies_kwargs..)r|rd_setup_proxy_ssl_contextr@items)rQrSrproxies_kwargsr$r$r%_proxies_kwargss zURLLib3Session._proxies_kwargscKs6d|j|j||j|j|jd}|jdi||S)NT)strictrmaxsize ssl_contextr cert_filekey_filer$)rr_get_ssl_contextrrrupdate)rQ extra_kwargspool_manager_kwargsr$r$r%rs z'URLLib3Session._get_pool_manager_kwargscCstSr")rGrcr$r$r%rszURLLib3Session._get_ssl_contextcCs`||jvr+|j|}|j|d}|jdi|jt|fi|}|j|_||j|<|j|S)N) proxy_headersr$) rr|rbrrrrrr)rQr]rproxy_manager_kwargs proxy_managerr$r$r%_get_proxy_managers    z!URLLib3Session._get_proxy_managercCs.t|}|j}|s d}|jr|d|j}|S)N/?)rpathquery)rQrWrXrr$r$r% _path_url*szURLLib3Session._path_urlcCs6|dr|rd|_t||_dSd|_d|_dS)Nrwr8 CERT_NONE)rKrfrDr+ca_certs)rQconnrWr)r$r$r%_setup_ssl_cert3s  zURLLib3Session._setup_ssl_certc Cs|d}|d}|dur|durdS|}z-d|_|dur&|j|dt|tr9|j|d|dd|WSt|trC|||WStt fyX}zt |dd}~ww) Nproxy_ca_bundleproxy_client_certT)cafilerrx)keyfileerror) r@rr0load_verify_locationsrIrload_cert_chainrIOErrorURLLib3SSLErrorr)rQrSr proxy_certr3er$r$r%r;s&      z'URLLib3Session._setup_proxy_ssl_contextcCs|r ||}|S|j}|Sr")rr)rQrWr]managerr$r$r%_get_connection_managerRs  z&URLLib3Session._get_connection_managercCsR|du}|s ||St|j}|dko|jdd}|s"|dr$|S||S)NrwrFre)rrrUrr@rf)rQrWr] has_proxy proxy_schemeusing_https_forwarding_proxyr$r$r%_get_request_targetYs    z"URLLib3Session._get_request_targetcCs|dddkS)NzTransfer-Encodingchunked)r@)rQr^r$r$r%_chunkedmszURLLib3Session._chunkedc Cszd|j|j}||j|}||j}|||j|jttj ddr2t |jj }||j d<||j|}|j|j||j|jtdddd||jd }tj|j|j|j|}|jsb|j|WStyw} zt|j| dd} ~ wttjfy} zt |j| dd} ~ wt!y} zt"|| dd} ~ wt#y} zt$|j| dd} ~ wt%y} zt&|j| dd} ~ wt'y} zt(| ||jdd} ~ wt)y} zd } t*j+| d d t,| d d} ~ ww) N(BOTO_EXPERIMENTAL__ADD_PROXY_HOST_HEADERrhostF) methodrWbodyr^retriesassert_same_hostpreload_contentdecode_contentr) endpoint_urlr)r]r)rrequestrz4Exception received when sending urllib3 HTTP requestT)exc_infor)-r|rZrWrconnection_from_urlrr{rMr>r?r@rhostnamerrurlopenrrr^rrr}r~ AWSResponsestatus stream_outputcontentrr rsocketgaierrorrrrURLLib3ConnectTimeoutErrorrURLLib3ReadTimeoutErrorrrr Exceptionr&r'r) rQrr]rrrrequest_targeturllib_response http_responsermessager$r$r%sendpsv        zURLLib3Session.sendr")rprqrrrsMAX_POOL_CONNECTIONSrTrtrrrrrrrrrrrr$r$r$r%rus,  '       ru)NNNN)Cos.pathr>loggingrbase64rr:urllib3rrrurllib3.util.retryrurllib3.util.ssl_rrr r r r urllib3.exceptionsr rrrrrrrrrr ImportErrorurllib3.contrib.pyopensslrrbotocore.awsrequestr}six.moves.urllib_parserbotocore.compatrrbotocore.exceptionsrrrrr getLoggerrpr&rrrjoindirname__file__r#certifir!r+rGrMobjectrNrur$r$r$r%sX         (     L :